How do I resolve the CloudHSM error "InitializeCluster request failed: CloudHsmInvalidRequestException - TrustAnchor provided is not a valid x509 certificate"?


I tried to initialize an AWS CloudHSM cluster, and received the error "InitializeCluster request failed: CloudHsmInvalidRequestException - TrustAnchor provided is not a valid x509 certificate."

Resolution

You must use a self-signed root certificate (customerCA.crt) to sign the cluster certificate signing request (CSR). Verify that the certificate is an issuing certificate or trust anchor root certificate by running the following openssl command:

Note: If you receive errors when you run AWS CLI commands, see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

$ openssl x509 -in customerCA.crt -text -noout

If the certificate customerCA.crt is a root certificate, then the Issuer and Subject fields in the command output are the same. For more information, see Sign the CSR.
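
The issuer/subject comparison described above can be scripted instead of read by eye. The following is an added example, not AWS code: the function name is_self_signed_root, its status words, and the throwaway CA, CSR and leaf certificate are constructed for illustration. It also confirms that the file parses as X.509 and that its signature verifies under its own key.

```shell
#!/bin/sh
# Added example (not AWS code): test whether a PEM file is a self-signed root.

# Prints a status word; returns 0 only for a self-signed root certificate.
is_self_signed_root() {
    cert=$1
    # 1. The file must parse as an X.509 certificate (a CSR or a key does not).
    openssl x509 -in "$cert" -noout 2>/dev/null || { echo "not-x509"; return 1; }
    # 2. Issuer and subject must be the same name.
    issuer=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    subject=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    [ "$issuer" = "$subject" ] || { echo "issued-by-other-ca"; return 1; }
    # 3. Matching names are not proof on their own: the signature must also
    #    verify under the certificate's own public key.
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1 ||
        { echo "bad-self-signature"; return 1; }
    echo "self-signed-root"
}

# Constructed sample input: a throwaway root CA, a CSR, and a leaf certificate
# signed by that CA (all names are hypothetical).
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-root" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed-leaf" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -set_serial 1 -days 1 -out "$d/leaf.crt" 2>/dev/null
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in ca.crt leaf.crt leaf.csr; do
    printf '%-9s %s\n' "$f" "$(is_self_signed_root "$tmp/$f")"
done
rm -rf "$tmp"
```

Run against your own file as is_self_signed_root customerCA.crt; any status other than self-signed-root means the file does not pass the root check described above.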

Related information

What is AWS CloudHSM?

AWS OFFICIAL
Updated 5 months ago